← Back to Skills Marketplace
ivan97

red-flights

by Yangki Zhang · GitHub ↗ · v3.2.0 · MIT-0
cross-platform ⚠ suspicious
43
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install red-flights
Description
Search red eye flights, overnight flights and late-night departures with after-midnight arrival deals. Also supports: flight booking, hotel reservation, trai...
Usage Guidance
Before enabling/using this skill: 1) Verify the authenticity of the flyai CLI package (@fly-ai/flyai-cli) on the npm registry and confirm it is the official client for the service the skill claims to use (the skill mentions 'Fliggy' but the CLI publisher is different). 2) Avoid automatic sudo/global installs — prefer manual inspection and installing in a sandbox or using a non-global/local install if possible. 3) Inspect the flyai-cli source or documentation (network endpoints, data sent) to ensure it doesn't exfiltrate sensitive data. 4) Be aware the skill will write an execution log file containing your queries; decide if storing that data locally is acceptable and where it will be written. 5) If you plan to complete bookings, confirm how authentication and payment are handled and whether any credentials will be required later. If you cannot verify the CLI/package provenance, treat this skill as untrusted.
Capability Analysis
Type: OpenClaw Skill Name: red-flights Version: 3.2.0 The skill is a flight search tool that relies on a third-party CLI (@fly-ai/flyai-cli). It is classified as suspicious because it constructs shell commands using unvalidated user input (e.g., in SKILL.md and references/playbooks.md), which presents a shell injection risk. Additionally, it instructs the agent to perform global package installations, including the use of 'sudo' in fallbacks.md, which are high-privilege operations that could be abused if the target package or the command construction is compromised.
Capability Assessment
Purpose & Capability
The skill claims to search and book red-eye flights and directs the agent to use a dedicated CLI (flyai). That mapping is coherent: a flight-search skill would reasonably call an external flight-provider CLI. However, the description names 'Fliggy (Alibaba Group)' while the runtime CLI is '@fly-ai/flyai-cli' — that vendor/branding mismatch is unexplained and should be verified. No credentials are requested, which is consistent with read-only search operations, but booking flows may later require authentication that the skill does not describe.
Instruction Scope
The SKILL.md forces all answers to come from the flyai CLI and prescribes installing the CLI if missing (including a sudo fallback). It also instructs creating a persistent execution log file (.flyai-execution-log.json) that contains raw user_query and CLI commands. These instructions cause the agent to perform network installs, may write potentially sensitive user input to disk, and instruct the agent to re-run commands until output meets formatting rules — increasing opportunity for repeated network activity. Although the file writes and CLI calls are within the skill's domain (flight search), they expand the skill's runtime footprint beyond simple ephemeral queries and should be highlighted to users.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells the agent to run 'npm i -g @fly-ai/flyai-cli' (and suggests using sudo if it fails). That is an instruction to download and install code from the public npm ecosystem at runtime. Installing a global npm package (especially with sudo) is higher risk because it executes third-party code on the host and may require elevated privileges. The skill provides no homepage, publisher reputation, or package verification guidance.
Credentials
The skill requires no environment variables or explicit credentials, which is proportionate for read-only search. However, it logs raw requests and CLI responses in a local file; those logs may contain PII (origin/destination, dates, possibly passenger names if later used) and booking-related URLs. The skill also does not describe how booking (click-to-book) is authenticated or whether payment data is handled — gaps users should consider.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in metadata. However, runtime instructions cause persistent changes: installing a global npm package and appending execution logs to .flyai-execution-log.json. These are modest persistence actions but do affect the host system and may require elevated permissions (sudo for global npm).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install red-flights
  3. After installation, invoke the skill by name or use /red-flights
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.2.0
red-flights 3.2.0 changelog: - Enforced strict CLI-only execution: absolutely no knowledge-based or training data answers. - Formalized "critical execution rules" for all responses, including mandatory output validation with `[Book]({detailUrl})` links. - Expanded parameter handling for red eye searches, with presets for cheapest, latest, and direct overnight options. - Added clear fallbacks and scenario playbooks for cases when no red eye flights are found. - Updated output and formatting guidelines to standardize Markdown tables, brand tags, and language matching. - Enhanced prerequisites and troubleshooting steps for CLI installation and usage.
Metadata
Slug red-flights
Version 3.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is red-flights?

Search red eye flights, overnight flights and late-night departures with after-midnight arrival deals. Also supports: flight booking, hotel reservation, trai... It is an AI Agent Skill for Claude Code / OpenClaw, with 43 downloads so far.

How do I install red-flights?

Run "/install red-flights" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is red-flights free?

Yes, red-flights is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does red-flights support?

red-flights is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created red-flights?

It is built and maintained by Yangki Zhang (@ivan97); the current version is v3.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments